CVE-2022-31192

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31192

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31192.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31192

Aliases

GHSA-4wm8-c2vv-xrpq

Published

2022-08-01T21:15:13Z

Modified

2024-05-15T01:16:17.122623Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/dspace/dspace

Affected ranges

Type: GIT
Repo: https://github.com/dspace/dspace
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

28eb8158210d41168a62ed5f9e044f754513bc37

Fixed

f7758457b7ec3489d525e39aa753cc70809d9ad9

Affected versions

dspace-3.*

dspace-3.0

dspace-3.0-rc1

dspace-3.0-rc2

dspace-3.0-rc3

dspace-4.*

dspace-4.0

dspace-4.0-rc1

dspace-4.0-rc2

dspace-4.0-rc3

dspace-5.*

dspace-5.0

dspace-5.0-rc1

dspace-5.0-rc2

dspace-5.0-rc3

dspace-5.1

dspace-5.10

dspace-5.2

dspace-5.3

dspace-5.4

dspace-5.5

dspace-5.6

dspace-5.7

dspace-5.8

dspace-5.9

dspace-6.*

dspace-6.0

dspace-6.0-pre-DS-2701

dspace-6.0-rc1

dspace-6.0-rc2

dspace-6.0-rc3

dspace-6.0-rc4

dspace-6.1

dspace-6.2

dspace-6.3